Computer Science ›› 2014, Vol. 41 ›› Issue (7): 210-215. doi: 10.11896/j.issn.1002-137X.2014.07.044

Capabilities-based DDoS Defense Architecture for Future Internet

ZHANG Hong-hao, WANG Jin-song, HUANG Wei and ZHAO Xiang-lin

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: First, this paper introduced the theory and key technologies of the Capabilities mechanism for the future Internet, and described and compared the performance and reliability of typical schemes based on the Capabilities mechanism through simulation experiments in different scenarios. Second, we studied the DDoS defense architecture based on the Capabilities mechanism and discussed viable implementations, in future networks, of the three parts of the architecture (flow classification, enforcement, and Capabilities management). Furthermore, we designed a simple traffic model under the Capabilities framework and theoretically analyzed the security and efficiency of the framework. Finally, the paper analyzed the shortcomings and inadequacies of several solutions based on the Capabilities mechanism and compared their performance and efficiency in different scenarios through simulation experiments.

Key words: Network security, DDoS, Capabilities mechanism, Future Internet
